Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/faramesh/faramesh-core

Runtime governance engine for AI agents.
https://github.com/faramesh/faramesh-core

agentic-ai ai-2025 ai-2026 ai-agents ai-governance compliance cybersecurity deterministic devsecops llm mcp middleware python zero-trust

Last synced: 30 days ago
JSON representation

Runtime governance engine for AI agents.

Awesome Lists containing this project

README 

          



Faramesh



Governance-as-Code for AI agents.



Open source control plane for policy, interception, identity, credentials, and tamper-evident audit.



One stack file. Deterministic decisions. Safer deployments.





	License: MPL-2.0

	Docs

	Latest release






	Join our developer community on Slack

	Read the quickstart




Faramesh demo gif









- Website: https://faramesh.dev

- Documentation: https://docs.faramesh.dev

- Quickstart: https://docs.faramesh.dev/quickstart/

- Policy language (FPL): https://docs.faramesh.dev/fpl/

- Stack reference: https://docs.faramesh.dev/stack/



Faramesh sits between an agent and its tools and decides every tool call against a policy you write. The daemon returns permit, defer, or deny decisions before the tool runs and records tamper-evident evidence for every decision.



The key capabilities of Faramesh are:



- Interception tiers so every call reaches the daemon: SDK shim, MCP proxy, HTTP proxy, and A2A proxy.

- Deterministic enforcement: steps 1 through 8 are pure functions over policy and the action payload, with no LLM in the decision path.

- Identity bound decisions using SPIFFE SVIDs, OIDC, or cloud workload identity.

- Credential brokering that mints short-lived scoped credentials at the call site so agents never hold long-lived secrets.

- Auditing with Decision Provenance Records, a hash-chained WAL, and optional KMS signing plus audit sinks for SIEM.

- Stack-level policy changes that compile atomically, so teams can review and roll out governance as a single unit.

- Decision visibility for humans and systems, including defer flows, structured denials, and exportable evidence for reviews and audits.



## Governance as code



Faramesh policy lives in a single stack file written in FPL, the Faramesh Policy Language. YAML and JSON map to the same AST. The CLI compiles that policy into a deterministic AST that the daemon enforces, and changes are applied atomically.



## Getting Started and Documentation



- Why Faramesh: https://docs.faramesh.dev/introduction/

- How Faramesh works: https://docs.faramesh.dev/concepts/how-it-works/

- Interception: https://docs.faramesh.dev/concepts/interception/

- Enforcement: https://docs.faramesh.dev/concepts/enforcement/

- Identity: https://docs.faramesh.dev/concepts/identity/

- Credentials: https://docs.faramesh.dev/concepts/credentials/

- Auditing: https://docs.faramesh.dev/concepts/auditing/

- Quickstart: https://docs.faramesh.dev/quickstart/

- Write your first policy: https://docs.faramesh.dev/guides/your-first-policy/

- Providers: https://docs.faramesh.dev/providers/

- CLI reference: https://docs.faramesh.dev/cli/



## Developing Faramesh



- Contributing guide: https://docs.faramesh.dev/guides/contributing/



## Repository History Note



If your clone predates the May 18, 2026 history rewrite, fetch the rewritten remote state or reclone before continuing work. The tracked root `faramesh` binary was removed from git history and local clones need to resync to drop the old blob.



## License



See [faramesh-core/LICENSE](LICENSE).